[jboss-jira] [JBoss JIRA] (AS7-5825) Custom JAAS Security Realm for Remoting

Pedro Igor (JIRA) jira-events at lists.jboss.org
Tue Oct 23 12:03:02 EDT 2012


     [ https://issues.jboss.org/browse/AS7-5825?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pedro Igor updated AS7-5825:
----------------------------

    Steps to Reproduce: 
Just followed these steps:

1) Add a new security-realm config

<security-realm name="CustomSecurityRealm">
    <authentication>
        <jaas name="custom-security-domain"/>
    </authentication>
</security-realm>

2) Add a new security-domain to be used by the new Security Realm

3) Change the remoting-connector to use the CustomSecurityRealm

<connector name="remoting-connector" socket-binding="remoting" security-realm="CustomSecurityRealm"/>

Try to invoke an EJB using a standalone client that uses the PLAIN SASL mech.

Hashtable<String, Object> env = new Hashtable<String, Object>();

        Security.addProvider(new Provider());

        Element assertion = getAssertionFromSTS("UserA", "PassA");

        env.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
        env.put("java.naming.factory.initial", "org.jboss.naming.remote.client.InitialContextFactory");
        env.put("java.naming.provider.url", "remote://localhost:4447");
        env.put("jboss.naming.client.ejb.context", "true");
        env.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
        env.put("javax.security.sasl.policy.noplaintext", "false");

        env.put(Context.SECURITY_PRINCIPAL, "admin");
        env.put(Context.SECURITY_CREDENTIALS, DocumentUtil.getNodeAsString(assertion));

        Context context = new InitialContext(env);

        EchoService object = (EchoService) context.lookup("ejb-test/EchoServiceImpl!org.picketlink.test.trust.ejb.EchoService");

        Assert.assertEquals("Hi UserA", object.echo("Hi "));

  was:
Just followed these steps:

1) Add a new security-realm config

<security-realm name="CustomSecurityRealm">
    <authentication>
        <jaas name="custom-security-domain"/>
    </authentication>
</security-realm>

2) Add a new security-domain to be used by the new Security Realm

3) Changed the remoting-connector to use the CustomSecurityRealm

<connector name="remoting-connector" socket-binding="remoting" security-realm="CustomSecurityRealm"/>

Try to invoke an EJB using a standalone client that uses the PLAIN SASL mech.

Hashtable<String, Object> env = new Hashtable<String, Object>();

        Security.addProvider(new Provider());

        Element assertion = getAssertionFromSTS("UserA", "PassA");

        env.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
        env.put("java.naming.factory.initial", "org.jboss.naming.remote.client.InitialContextFactory");
        env.put("java.naming.provider.url", "remote://localhost:4447");
        env.put("jboss.naming.client.ejb.context", "true");
        env.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
        env.put("javax.security.sasl.policy.noplaintext", "false");

        env.put(Context.SECURITY_PRINCIPAL, "admin");
        env.put(Context.SECURITY_CREDENTIALS, DocumentUtil.getNodeAsString(assertion));

        Context context = new InitialContext(env);

        EchoService object = (EchoService) context.lookup("ejb-test/EchoServiceImpl!org.picketlink.test.trust.ejb.EchoService");

        Assert.assertEquals("Hi UserA", object.echo("Hi "));


    
> Custom JAAS Security Realm for Remoting
> ---------------------------------------
>
>                 Key: AS7-5825
>                 URL: https://issues.jboss.org/browse/AS7-5825
>             Project: Application Server 7
>          Issue Type: Bug
>    Affects Versions: 7.1.1.Final
>         Environment: JBoss Application Server 7.1.1.Final
>            Reporter: Pedro Igor
>
> Tried to configure a custom JAAS Security Realm for the Remoting Connector using JBoss Application Server 7.1.1.Final.
> These same steps work with JBoss AS 7.2.0 and 7.1.3.
> When debugging the client (in my case an EJB standalone client using org.jboss.ejb.client.naming) I noticed that the PLAIN mech is not returned by the server.
> My client expects the PLAIN mech to authenticate users using the provided username / password when creating the InitialContext.
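
Added example, not part of the original report or of the JBoss code base: a client-side check that lists which SASL mechanisms the JVM's registered client factories offer with javax.security.sasl.policy.noplaintext set to false and to true, to separate a client policy problem from a server that does not advertise PLAIN. The class name SaslClientMechCheck is hypothetical; any extra provider the real client registers with Security.addProvider has to be registered here too before the check runs.

```java
import java.util.Collections;
import java.util.Enumeration;
import java.util.Map;
import java.util.TreeSet;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClientFactory;

// Hypothetical diagnostic class (assumption, not from the report).
public class SaslClientMechCheck {

    // Collect every mechanism name the registered SASL client factories
    // are willing to offer under the given noplaintext policy value.
    static TreeSet<String> clientMechanisms(boolean noPlainText) {
        Map<String, String> props = Collections.singletonMap(
                Sasl.POLICY_NOPLAINTEXT, Boolean.toString(noPlainText));
        TreeSet<String> mechs = new TreeSet<String>();
        Enumeration<SaslClientFactory> factories = Sasl.getSaslClientFactories();
        while (factories.hasMoreElements()) {
            String[] names = factories.nextElement().getMechanismNames(props);
            if (names != null) {
                Collections.addAll(mechs, names);
            }
        }
        return mechs;
    }

    public static void main(String[] args) {
        TreeSet<String> relaxed = clientMechanisms(false); // same value the client in the report sets
        TreeSet<String> strict = clientMechanisms(true);
        System.out.println("noplaintext=false: " + relaxed);
        System.out.println("noplaintext=true : " + strict);

        if (!relaxed.contains("PLAIN")) {
            // No registered factory implements PLAIN: a provider is missing on the client.
            System.out.println("PLAIN unavailable on the client; check the registered providers.");
        } else if (strict.contains("PLAIN")) {
            // A factory that still lists PLAIN here does not honour the policy property.
            System.out.println("A client factory ignores the noplaintext policy for PLAIN.");
        } else {
            // Client side is consistent; a failed negotiation then points at the
            // mechanism list offered by the server's security realm.
            System.out.println("Client offers PLAIN only with noplaintext=false; "
                    + "if negotiation still fails, the server is not advertising PLAIN.");
        }
    }
}
```

PLAIN carries the username and credential unprotected inside the SASL exchange, so a connector that is meant to accept it should only be reachable over a TLS-protected transport.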
